Don't base signature algorithm support on certificate

The signature algorithm support is what you can do with another key, not
what you can do with your key.
Sean Parkinson
2018-03-21 08:33:54 +10:00
parent b325e0ff91
commit c9c2e1a8a7


@@ -1753,16 +1753,12 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
#ifdef WC_RSA_PSS
if (tls1_2) {
#ifdef WOLFSSL_SHA512
if (keySz == 0 || keySz >= MIN_RSA_SHA512_PSS_BITS) {
suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
suites->hashSigAlgo[idx++] = sha512_mac;
}
suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
suites->hashSigAlgo[idx++] = sha512_mac;
#endif
#ifdef WOLFSSL_SHA384
if (keySz == 0 || keySz >= MIN_RSA_SHA384_PSS_BITS) {
suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
suites->hashSigAlgo[idx++] = sha384_mac;
}
suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
suites->hashSigAlgo[idx++] = sha384_mac;
#endif
#ifndef NO_SHA256
suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
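Review bot: With the `keySz` guards removed from the WOLFSSL_SHA512 and WOLFSSL_SHA384 branches, nothing in this hunk keeps rsa_pss_sa_algo with sha512_mac or sha384_mac away from a local RSA key that is too small for it, so that check has to live where the algorithm for our own signature is picked. That code is outside the hunk; if it relied on this list being pre-filtered, a key below `MIN_RSA_SHA512_PSS_BITS` or `MIN_RSA_SHA384_PSS_BITS` would presumably now fail at signing time instead of falling back to a smaller hash, which is worth confirming with a small-key handshake test. A comment above the PSS entries would record the intent, e.g. `/* List describes what the peer may sign with, so the local key size is deliberately not consulted here. */`. If `keySz` has no remaining use in InitSuitesHashSigAlgo, whose body starts and ends outside the hunk, it may also need `(void)keySz;` to avoid an unused-parameter warning.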